SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Cisco WebEx Event Center Vendors:   Cisco, WebEx
Cisco WebEx Event Center Discloses Potentially Sensitive Information to Remote Users
SecurityTracker Alert ID:  1030251
SecurityTracker URL:  http://securitytracker.com/id/1030251
CVE Reference:   CVE-2014-2199   (Links to External Site)
Updated:  May 29 2014
Original Entry Date:  May 16 2014
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): WBS27, WBS28, and WBS29
Description:   A vulnerability was reported in Cisco WebEx Event Center. A remote user can obtain potentially sensitive information.

Meeting identifiers are not randomly generated and can be enumerated. A remote user can use an enumerated meeting identifier to obtain potentially sensitive information, such as the meeting title, meeting organizer, time, date, and duration of the meeting.

A remote user can participate in the audio bridge.

The following versions are affected:

Cisco WebEx Business Suite (WBS29) prior to 29.5.1.14 E
Cisco WebEx Business Suite (WBS28) prior to T28L10NSP12EP13.18 (28.12.13.18 E)
Cisco WebEx Business Suite (WBS27) prior to T27L10NSP32EP31.16 (27.32.31.16 E)

The vendor has assigned bug IDs CSCuo68624 and CSCue46738 to this vulnerability.

Impact:   A remote user can obtain potentially sensitive information, including the meeting title, meeting organizer, time, date, and duration of the meeting.
Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC